References
Talks and Presentations
- Invited Talk for Team Bi0s - Argument Injection - Video & Slides
- HITB GSEC 2018 - Surprise Rant 2.0 Video
- OffensiveCon 2018 - Surprise Rant Video
- Ekoparty 2016 - Let Me GitHub That For You (2016 Argentinian Edition) Video
- Hacktivity 2015 - Your Web app, those hackers & you Video
- HackPra 2015 - Bug Tales Video
- Hackito Ergo Sum 2014 - Ruby on Rails exploitation and effective backdooring
- t2-2013 - <3 Ruby on Rails <3
- HITB Amsterdam 2013 - Attacking Ruby on Rails Applications
- ZeroNights 2012 - They told me I could be anything, so I became BAh7BkkiDHVzZXJfaWQGOgZFVGkG
- HITB Malaysia 2011 - Building and Breaking Ruby on Rails
- Hackito Ergo Sum 2011 - Ruby On Rails From A Code Auditor’s Perspective Video part 1 part 2 part 3
- Berlinsides 2010 - Ruby On Rails From A Code Auditor’s Perspective
Blogposts
GitLab
- Git security audit: Inside the hunt for - and discovery of - CVEs
- Terraform as part of the software supply chain
- A brief look at Gitpod, two bugs, and a quick fix
- Switching “sides” in security
- How to play GitLab’s Capture the Flag at home
- How to exploit parser differentials
- Shopping for an admin account via path traversal
Recurity Labs
- KNX, %s and a backdoor
- Compromise On Checkout - Vulnerabilities in SCM Tools
- dRuby for Penetration Testers
- At Least, I got DoS
Phenoelit
- TL;DR: Just another way to get RCE in i2p version 0.9.13.
- Ruby on Rails Default Token Database
- MySQL madness and Rails
- Let Me Github That For You
- A worst practice in Ruby on Rails
Papers
- Attacking Ruby on Rails Applications - Phrack 69
- A Vulnerability in Reduced Dakarand from PoC||GTFO 01:02 - PoC||GTFO 02:09
Trainings
- Source Code Auditing Like a Ninja - HITB GSEC Singapore 2018
- Source Code Auditing Like a Ninja - HITB Amsterdam 2018
- Ruby on Rails – Auditing & Exploiting the Popular Web Framework - OWASP AppSec EU 2015
- Ruby on Rails – Auditing & Exploiting the Popular Web Framework - OWASP AppSec USA 2014
Other
- Founding member of das Labor, a hackerspace in Bochum
- Review panel member for THREAT CON since 2018